December 10, 2022 | Ravie Lakshmanan | Web App Firewall / Web Security

New attack methods can be used to circumvent web application firewalls (WAFs) from various vendors and infiltrate systems, allowing attackers to gain access to sensitive business and customer information.

A web application firewall is an important line of defense that filters, monitors, and blocks HTTP(S) traffic to and from web applications, protecting against attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection.


The generic bypass "involves appending JSON syntax to SQL injection payloads that the WAF is unable to parse," Claroty's Moshe said. "Most WAFs can easily detect SQLi attacks, but prepending JSON to the SQL syntax makes the WAF blind to these attacks."

The industrial and IoT cybersecurity company says its technique worked successfully against WAFs from vendors such as Amazon Web Services (AWS), Cloudflare, F5, Imperva, and Palo Alto Networks. All of these vendors have since released updates that add JSON syntax support to their SQL injection inspection.


Because a WAF acts as a security guardrail against malicious external HTTP(S) traffic, an attacker who is able to get past that barrier can gain initial access to the target environment for further exploitation.

The bypass mechanism devised by Claroty relies on WAFs' lack of JSON support: the attacker crafts malformed SQL injection payloads containing JSON syntax that the WAF cannot parse, so the payloads evade its protections.
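The practical lesson of a WAF parsing gap is that the WAF is a second line of defense, not the fix: an application that builds SQL text from request input is injectable regardless of what the WAF recognizes, while a parameterized query never hands input to the SQL parser at all. The following added example (not code from the article or from Claroty) shows both forms against an in-memory SQLite table with constructed data. The input string is a constructed value that merely contains JSON braces and a single quote, chosen to show that the concatenating version feeds it to the SQL parser (which rejects it), whereas the parameterized version treats it as plain data.

```python
import sqlite3


def make_db():
    """Create an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s1"), (2, "bob", "s2")],  # constructed sample rows
    )
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: request input is spliced into the SQL text, so the
    SQL parser sees whatever the client sent, JSON syntax included."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the value travels separately from the statement and is
    bound by the driver, so it is never tokenized as SQL."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def run_demo():
    """Run both lookups on an input containing JSON syntax and a quote and
    report what each did; this is the function a test can assert on."""
    conn = make_db()
    tricky = '{"name": "o\'brien"}'  # constructed input, not a real payload
    try:
        vulnerable_rows = lookup_vulnerable(conn, tricky)
        vulnerable_error = None
    except sqlite3.OperationalError as exc:
        # The quote inside the JSON broke the SQL statement: the input was
        # parsed as SQL, which is exactly the condition injection needs.
        vulnerable_rows = None
        vulnerable_error = str(exc)
    parameterized_rows = lookup_parameterized(conn, tricky)
    return {
        "vulnerable_error": vulnerable_error,
        "vulnerable_rows": vulnerable_rows,
        "parameterized_rows": parameterized_rows,
    }


if __name__ == "__main__":
    result = run_demo()
    print("concatenated query error :", result["vulnerable_error"])
    print("parameterized query rows :", result["parameterized_rows"])
```

The parameterized lookup returns an empty list for the odd-looking input and the expected row for a normal name, with no dependence on a WAF having learned the JSON dialect of any particular database.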

“Attackers using this new technique can gain access to back-end databases and use additional vulnerabilities and exploits to exfiltrate information through direct server access or via the cloud,” Moshe explained. “This is a dangerous bypass, especially as more organizations continue to move more businesses and functions to the cloud.”

Copyright ©️ All rights reserved. | Blue Training Academy Blog